[tor-bugs] #17991 [Tor]: Handle non-127.0.0.1 IPv4 loopback addresses

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 4 06:31:27 UTC 2016


#17991: Handle non-127.0.0.1 IPv4 loopback addresses
-----------------------------+--------------------------------
     Reporter:  teor         |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  Medium       |  Milestone:  Tor: 0.2.8.x-final
    Component:  Tor          |    Version:
     Severity:  Minor        |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
-----------------------------+--------------------------------
 In #17901, we identified some FreeBSD jails and OpenVZ VMs as having no
 127.0.0.1. #17901 deals with those systems that have no loopback at all.

 But some FreeBSD jails block access to 127.0.0.1, and have loopback on a
 valid yet unexpected address, like 127.0.0.2.

 Tor could bind to any address in 127/8 (or ::1, see #11360) and be
 accessible locally.

 One possible implementation is:
 * find all addresses on all loopback interfaces (#17949)
   * as a fallback, resolve localhost (#17953), and check that it's
     127.0.0.0/8 or ::1
 * choose the address that's closest to 127.0.0.1
 * use that address as the bind address
 * If there is no 127.0.0.0/8 (or ::1) on the server, reject the *Port with
   a warning that tells the user to use AF_UNIX (if their system supports
   it), or supply an explicit IP address if they really want their *Port
   listening on a non-local address.

 Operators can always specify an explicit bind address in the *Port line,
 so this isn't a serious usability issue.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17991>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
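
The selection steps proposed in the ticket, as an added example that is not part of the original ticket and is not Tor's code: a hypothetical `choose_loopback_bind()` filters candidate address strings to 127.0.0.0/8 or ::1 and picks one. It assumes "closest to 127.0.0.1" means smallest numeric distance and that an IPv4 loopback is preferred over ::1; the candidate list in `main` is constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a Tor function. Picks a bind address from
 * candidate strings (e.g. loopback-interface addresses, or the result of
 * resolving "localhost"). Returns 0 and fills out, or -1 if no candidate
 * is in 127.0.0.0/8 or equal to ::1, in which case the caller should
 * reject the *Port line with a warning instead of binding elsewhere. */
int choose_loopback_bind(const char **cands, size_t n, char *out, size_t outlen)
{
    const uint32_t target = 0x7f000001u; /* 127.0.0.1 in host order */
    uint32_t best_dist = UINT32_MAX;
    const char *best = NULL, *v6 = NULL;

    for (size_t i = 0; i < n; i++) {
        struct in_addr a4;
        struct in6_addr a6;
        if (inet_pton(AF_INET, cands[i], &a4) == 1) {
            uint32_t h = ntohl(a4.s_addr);
            if ((h >> 24) != 127)
                continue; /* outside 127.0.0.0/8: never auto-bind to it */
            uint32_t d = h > target ? h - target : target - h;
            if (d < best_dist) { best_dist = d; best = cands[i]; }
        } else if (inet_pton(AF_INET6, cands[i], &a6) == 1) {
            if (IN6_IS_ADDR_LOOPBACK(&a6) && !v6)
                v6 = cands[i];
        }
        /* candidates that parse as neither family are skipped */
    }
    if (!best) best = v6; /* assumption: prefer IPv4 loopback over ::1 */
    if (!best || strlen(best) >= outlen)
        return -1;
    strcpy(out, best);
    return 0;
}

int main(void)
{
    /* Constructed candidates: a jail with no 127.0.0.1 but with 127.0.0.2. */
    const char *cands[] = { "10.0.0.5", "127.0.1.1", "127.0.0.2" };
    char buf[INET6_ADDRSTRLEN];
    if (choose_loopback_bind(cands, 3, buf, sizeof buf) == 0) printf("bind to %s\n", buf);
    else fprintf(stderr, "no loopback address: reject *Port, suggest AF_UNIX\n");
    return 0;
}
```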

